Table of Contents

Slackware64-14.1 ChangeLog (2013-08-06)

Tue Aug 6 05:23:34 UTC 2013

Looks like 3.10.x got LTS status, but more importantly fixes the power issue
on resume with some Intel machines. So, we're bumping the kernel to 3.10.5,
and will stick with that series for the release. A few more things to look at
before calling this a beta, but it's pretty close. Enjoy!

n/httpd-2.4.6-x86_64-1.txz
This update addresses two security issues:
* SECURITY: CVE-2013-1896 (cve.mitre.org) Sending a MERGE request against
a URI handled by mod_dav_svn with the source href (sent as part of the
request body as XML) pointing to a URI that is not configured for DAV
will trigger a segfault.
* SECURITY: CVE-2013-2249 (cve.mitre.org) mod_session_dbd: Make sure that
dirty flag is respected when saving sessions, and ensure the session ID
is changed each time the session changes. This changes the format of the
updatesession SQL statement. Existing configurations must be changed.
For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2249
(* Security fix *)